My Netbank Has Been Hacked

Cooperellie on 11/09/2015 - 10:28
Last edited 11/09/2015 - 21:32 by 1 other user

Last month our Netbank/CBA account was hacked and 3 x $600 was withdrawn in a 24hr period.
We did not discover the theft for 1 week as it was done in a sneaky way.

Three different separate accounts were created in our name and then hidden within the netbank pages when we had it open.
These three accounts each had a token amount (.15c)transferred to a paypal account then out of that same paypal account. Once that worked the amounts of $600 per account was transferred out.

We contacted the Commonwealth Bank immediately and they shut these random accounts down,but only after we went into the bank and they gave us a big run-around - they did not make it easy.

Fast forward a month and we have been reimbursed the $1800, but the bank does not know how it happened - or they are not willing to tell us. They have been monitoring the bogus accounts/paypal but I guess there have been no further activities. The thieves will have just moved on to the next suckers Net-bank account.

They said it 'could have been this or that', but that explanation is not acceptable to us so we are now going to shut down our accounts and find a bank that can protect it's customers.
We have been customers of CBA for 20+ years, but this has left a bad taste in our mouths.
I know internet theft must be almost impossible to control, but you would think that the biggest, most profitable bank in Australia would have 100% security.

Anyway, that's my rant.
Now we are looking for a new SAFE banking system with a competitor - any suggestions?

Cooperellie

Financial

Related Stores

Commonwealth Bank
Commonwealth Bank

Comments

  • nocure on 11/09/2015 - 10:31
    +63

    Take all your money out and hide it under your mattress…the hackers won't find it there.

    But seriously, you got your money back as per bank policy…No need to go though the hassle of changing banks..let the them worry about the hackers and make sure you regularly change your passwords.

    • ItsMeAgro on 11/09/2015 - 14:56
      +18

      OP, I'm curious - now that you've closed the account you can safely tell us - what was the password? Your girlfriends name and year of birth, or something?

      By far the most likely reason for this is that you've used an easily guessable password, have SMS authentication turned off, or have allowed malware to be installed on your PC through clicking stuff carelessly.

      • kingmw on 13/09/2015 - 14:11
        +5

        Would 100% agree with this (bad password) or that you have some malware/keylogger on your computer.

        Most likely you were the only one affected (at the moment) otherwise we would have heard it through the news by now.

        • nikey2k27 on 15/09/2015 - 10:08
          +1

          i would cheek your computer never used public computers unless at bank. this happen to family member son was looking at porn end up with malware/keylogger mum end up $800,000 lost bank returned the money. they process by a new home. mum now has her own computer.

        • [Deactivated] on 17/09/2015 - 09:41

          @nikey2k27:

          And people say why bother paying for porn when it's free online.
          That is expensive porn.

  • JimB on 11/09/2015 - 10:40
    +21

    I heard the Central Bank of Nigeria is has good security :)

    So they opened 3 new accounts and then transferred $1,800 from your existing account?

    As above, all banks are targets of fraud. They paid you back, I wouldn't bother changing bank accounts.

  • QuickToThePointless on 11/09/2015 - 10:51
    +5

    I go with Pointless Banking Services - ill PM you the transfer details

    • CandyMan on 15/09/2015 - 05:42

      I go with ME bank ;)

  • GaelicAU on 11/09/2015 - 10:56
    +27

    ' but you would think that the biggest, most profitable bank in Australia would have 100% security'

    Unfortunately, in today's age, 100% online security is unachievable.

    • [Deactivated] on 13/09/2015 - 17:48
      +5

      What makes you believe it was the bank who wasn't secure?

      • geoffellis on 14/09/2015 - 01:01
        +2

        He didn't suggest that it was the bank who wasn't secure, only that it is not actually possible to have 100% security. Even massive corporations with teams dedicated to security, like Google, Facebook, and Microsoft get hacked.

  • PartyNextDoor on 11/09/2015 - 11:05
    +55

    You're quick to blame CBA but your account could have been compromised in other ways that have nothing to do with their security.

    • Mr BoMBAStiG on 11/09/2015 - 11:21
      +50

      This is definitely what happened. OP either had malware installed on their computer, clicked a malicious link and literally gave their login details to a 3rd party or used a public computer with a keystroke app installed.

      OP, instead of blaming others you should consider increasing your knowledge on safe computer and internet usage.

        • Olokun on 12/09/2015 - 09:42
          +19

          We are talking about NetBank here. Takes all of 10 seconds to create an account and another 5 to hide it. No calls or codes required once you are in NetBank.

        • MelBourne on 13/09/2015 - 18:42
          +1

          Sounds like your sister was the Executor of your mums estate, and had all the paperwork to provide them with proof.

          She or the documents may have mentioned that you will also need access to the accounts, so they looked you up, verified that you once had CBA accounts, and simply added you as a signatory to the accounts.

          They could have perhaps asked for your permission, but they didn't really need to Verify yourself… Because your sister did that.

        • Gina Rinehart on 13/09/2015 - 20:56
          +1

          The chance that a hacker hacked CBA and got OP's login info is extremely low. Rather, it is almost certain that OP accidentally allowed a gap in security, as cymon mentioned, such as using a public computer, public wifi network (it is very possible), keylogger, phishing attack, etc.

          People are not perfect, nor are the computer systems, but I'll eat a shoe if someone can prove the hacker literally hacked CBA to get into OP's account, rather than something like the above happened.

        • bs0 on 13/09/2015 - 23:28

          @Olokun:
          Oh wow, seems your right. Without doung the full process, seems I can open all sorts of new accounts from the CBA netbank app.
          Then linking PayPal accounts is straight forward as well, once you have NetBank access.

        • tasty-falafel on 14/09/2015 - 13:26
          +1

          The reason they didn't want to change the password is because the whole point of this scam is to transfer the money out of the account via PayPal and it takes time to set that up. If they had changed the password immediately OP would have called his bank and the scam would have failed. By doing it this way they avoid having to transfer to a legitimate bank account (requires valid ID to set up) and bank SMS verification security measures for transactions to other accounts.

          Also for the record you can create and hide accounts on the Netbank app, it only takes a couple of minutes.

      • mattyman on 12/09/2015 - 11:07
        +2

        Or just used a public connection that has been comprimised. Don't access secure sites when you are on public wifi.

        If it's someone else running the network, they could have their own server that authorises the secure certs to the website and the reissues a different cert back to your computer. This means that the server sitting in the middle can decrypt and read all of the traffic that passes through it. Usernames, passwords, etc.

        It is safer to do this on your own computer as you will get a broken lock symbol, but if you have an old browser and/or aren't paying attention, you could miss that indicator.

        If you are using a public computer, it can be setup to trust the server as a Root Authority. If this is the case then the secure lock will still look unbroken.

        Don't use public wifi.
        Don't use public computers.

        • dazweeja on 14/09/2015 - 18:10
          +2

          Regarding your first example, if you're on your own computer and using a modern browser (Chrome, Firefox, etc), you'll get more than a broken lock, you'll get a great big warning page and it will be impossible to navigate to the site without taking some action.

      • Skinnerr on 14/09/2015 - 05:05

        Yep. Bank security rivals the DoD. It wasn't their fault.

      • tyler.durden on 14/09/2015 - 19:46

        or public wifi..

        • ajs900 on 14/09/2015 - 19:49

          Man in the middle attack.

        • tyler.durden on 14/09/2015 - 19:51

          @ajs900:

          yeap, ppl can monitor all sorts of data if they are smart hackers

    • nocure on 11/09/2015 - 11:12
      +17

      They can't tell us because they don't know themselves.

    • ItsMeAgro on 11/09/2015 - 14:59
      +5

      If it's your fault (bad password, carelessness with malware on PCs you used) then they can't find out how this happened.

      All they can see is that you logged in and created those accounts using your password. The only clue they have that it wasn't you is that you told them it wasn't.

    • Olokun on 11/09/2015 - 16:48
      +4

      How can the bank tell you how YOU compromised your client number and password.

      Also you should have received an email every time a new account was created.

      The only change I can see that CBA can make to NetBank would be to require a net code any time a new account is created.

      • windrc on 13/09/2015 - 20:04
        +3

        cba should make it mandatory to have their customers to sit for a security proficiency test to avoid naive customers giving the bank a bad name due to their own faults.

        • smartazz104 on 14/09/2015 - 10:14
          +2

          Man no one would ever open a bank account again, not even bank staff.

  • airzone on 11/09/2015 - 11:28
    +1

    You are using 2 factor authentication for your bank account, right?

      • airzone on 11/09/2015 - 12:18
        +2

        That's what I have.. But they also do SMS codes as well.

      • cim85 on 12/09/2015 - 07:55

        I have a similar device which is a digital security key with alternating code - 2 factor online login - password then code from the key. Unless you have possession of the key there is no online access which substantially decreases the hack risk.

  • dylanando on 11/09/2015 - 11:35
    +34

    aww wish i had money in my account to be worried

  • nismo on 11/09/2015 - 21:25
    +22

    Change the Title, it's misleading, Netbank hasn't been hacked, just one person's account.

    • Mobe1969 on 12/09/2015 - 08:13
      -1

      So you can go to CBA online banking, create a whole new account, and link it to your login? I'm with another bank, and you most definitely can't do that via online banking.

      • tomclancy on 12/09/2015 - 08:49
        +3

        Yep. And you can do that with ANZ as well. Not sure about NAB or Westpac

  • Geewhizz on 12/09/2015 - 06:30
    +5

    The problem is not with Netbank security, but with your own.

    I'm assuming CBA has told you to change passwords etc, but have you done a malware scan?

    • tomclancy on 12/09/2015 - 07:55
      +34

      Our computers run virus scans every day on start-up.

      Malware does not equal virus

      most likely when I go to sites referred by Ozbargainers.

      Stop blaming others for your own incompetence. First CBA and now the ozbargain community for links? Grow up

      Everyone seems to think we are clueless in all this.

      I didn't at first but you keep digging that hole, so yeah now I'm pretty sure you are.

    • cim85 on 12/09/2015 - 08:00

      @Cooperellie Who would have thought that the OzB forums are full of cheeky, subversive people that want to outsmart you, lol

      One question - What is the digipass button (I don't use CBA)

    • [Deactivated] on 12/09/2015 - 12:49

      What anti-virus software do you use?

    • rolypoly on 13/09/2015 - 10:44
      +5

      Knowing almost nothing about your situation that is the conclusion people would come to. Trying to diagnose what caused the transactions over ozbargain is about as useful as diagnosing a sickness over ozbargain.

      I think you would have gotten much more productive responses to your thread if you had just kept it as "What online banking system do you use and have you had any security problems with it?" and not included any of your rant about CBA.

      Also this statement

      I know internet theft must be almost impossible to control, but you would think that the biggest, most profitable bank in Australia would have 100% security.

      contradicts itself.

    • ItsMeAgro on 14/09/2015 - 12:00

      sdfsdf

    • centrelink on 15/09/2015 - 15:10

      The most common way to hack is Social Engineering. It relies on them to communicate to you in some way and you may unintentionally give your own details to someone. That person can use that details against you.

      For exmaple; you may forgot your password and you can enable a password reset to your email account or you mobile phone. It will ask you a secret question and lets say it's "What is the name of your first pet?". This person can start talking to you and be friendly and all, and somehow includes the question into the conversation about pets and see if you had a first pet with a name. And voila he has the name of your pet. The next thing he has to do is get access to your email account or mobile phone and answer the secret question quickly to reset the email password ie: gain full control of your email account, thus potentially gaining full access to your whole other accounts using password resets.

      That is what you call a loophole/exploit/vulnerability.

      Think of it like a house, you can never be secure. You can rob a house by, breaking windows and entering, walking thru the backdoor. You can increase security like adding an alarm or whatnot but there will ALWAYS be a way to enter a house regardless. Bring a chainsaw and cut thru the door or enter from a Chinmey.

      Lesson is, the people who are closests to you are probably hackers.

      • tomclancy on 15/09/2015 - 17:20

        Lesson is, the people who are closests to you are probably hackers.

        My wife and kids are probably hackers???

  • zerocritical on 12/09/2015 - 07:28
    +1

    I think CBA's online security is an issue. Exactly the same thing happened with a couple of my friend's CBA accounts (though the amounts were different). That too not just once but twice for one of them. The replies and reimbursement process by CBA was pretty similar.

    Obviously, since then my friends have closed their CBA accounts and so did I. We have moved to other banks.

    • windrc on 13/09/2015 - 20:28
      +6

      the exact identical same thing happened to my neighbour's cousin's ex-girlfriend as well.

      • jaydeenturk on 15/09/2015 - 17:11

        Wow the exact same thing happened to my internet friend's real life friend's neighbour's cousin's ex-girlfriend too!
        small world.

        • windrc on 15/09/2015 - 19:06

          Six degrees of separation

  • nikhi24 on 12/09/2015 - 07:38
    +1

    How does netbank hide accounts in their system anyway? That in its self is odd. So did each account have an overdraft or did money from your real account get transferred to the fake accounts? You would think if it was transferred to a PayPal account they would be able to track it? No?

    • ef on 16/09/2015 - 13:44

      The hide account is just stop it showing in your netbank. If you have an inactive account that you never use you can hide it; you can always unhide the account later.

      • [Deactivated] on 17/09/2015 - 08:26

        and also if you an ashley madison account

  • rbrb on 12/09/2015 - 07:47
    +4

    Virus scans aren't enough, you need to look for malware as well. The majority of hacks like this are customer negligence and not the bank.

      • rbrb on 13/09/2015 - 07:45
        +1

        The company can also be at fault but they spend millions of dollars a year on security and have teams of staff to monitor their systems. People are so quick to blame to company rather that look at how they may have left themselves open to the attack.

        • lolz112 on 13/09/2015 - 13:06

          To be fair corporations have made it a lot easier. Take paypass for example, if you lose your card people can easily spend thousands of dollars before you realise and cancel your card.

        • ordinaryboy on 17/09/2015 - 09:42
          +1

          @lolz112: that's a terrible example; there's a maximum limit of $300 per day on Paypass transactions, with a limit per transaction of $100 so people can't 'easily spend thousands of dollars before you realise' at all.

      • Baysew on 26/09/2015 - 11:47
        +1

        Isn't the bank the victim here ?
        After all, they are the ones out of pocket.

  • nikhi24 on 12/09/2015 - 08:20
    +7

    You would have thought 3 x .15c was a pretty good indicated sign along with 3 new bank accounts that went a week overdrawn each unnoticed. I know with Nab when a withdraw/deposit of something like that happened they text me straight away and were keeping an eye on account. I just think it's not all posters fault. Banks have certain warning signs to look out for and they failed

  • pdperth on 12/09/2015 - 08:23
    -1

    Thanks for posting your experiences with cba. Only by doing this can the consumer be made aware of this massive problem. Banks need to invest far more to protect their customers. They are willing to wear the fraud because they save so much by online banking. Some of that saving should be invested on better systems.

    • pandabun on 12/09/2015 - 08:34
      +5

      They do invest a lot in security. I know someone who works in that department. But as others have said nothing is 100% secure.

  • Cooperellie on 12/09/2015 - 08:55
    +2

    cim85 - "One question - What is the digipass button (I don't use CBA)"

    It's a security token I carry around that gives me a 6 digit secondary login code (always random, never the same).
    When I log in to Netbank and after I enter my username/password etc I am then required to enter this extra code or Netbank cannot be accessed.
    I carry this token with me at all times so no-one else can use it.

    "Who would have thought that the OzB forums are full of cheeky, subversive people that want to outsmart you, lol"
    More like cheeky, abusive people.

    • cim85 on 12/09/2015 - 17:35
      +1

      @Cooperellie …. Ta for the info and I thought as much. Puzzling how 3 accounts can be opened without your knowledge. Pay the bank 1 day late and they suddenly have no prob notifying you :P ……and I've got some more colourful descriptions than 'abusive' …..better left unsaid, ha

  • Cooperellie on 12/09/2015 - 09:08

    nikhi24 -
    "How does netbank hide accounts in their system anyway? That in its self is odd. So did each account have an overdraft or did money from your real account get transferred to the fake accounts? You would think if it was transferred to a PayPal account they would be able to track it? No?"

    We have two accounts, one Access account that we use for everyday bills, wages etc and another account Netbanksaver which is a higher interest account that is attached to the Access account and we move money back and forth as required.
    As we generally only use the Access account we do not look at the other account every day, although when we log onto Netbank both accounts are available for us to view.

    The hackers opened up three new Access accounts from the Netbanksaver account and they were hidden within this account. We could not see the transactions and did not find the hidden accounts until we noticed that money was withdrawn from the Saver account in the bank account summary box. On closer inspection we noticed that there were three small crosses within the transaction listings that once we clicked on opened up to the new accounts and the transactions that had been made through them. We did not notice this at first as we generally don't work off this account when balancing credit cards and receipts etc.

    And yes, you would think that if it was transferred to a paypal the bank could track it, but they could not - although they tried for 1 month.

    • Olokun on 12/09/2015 - 09:49

      And yes, you would think that if it was transferred to a paypal the bank could track it, but they could not - although they tried for 1 month

      Could be as simple as a compromised PayPal account was used where that user was a victim as well as the recipient of the funds. There are many scams which use compromised PayPal accounts using stolen funds.

      Did you not receive emails when the new accounts were opened?

      • ef on 16/09/2015 - 14:00

        I don't see how CBA could track the transactions, to them it looks like you linked paypal accounts to your account. To link a paypal account for direct debit you need to know the amount transferred by paypal(the $0.15 mentioned). So to paypal it also looks legit because they know the transfer amount via access to your account.. Once the direct debit is setup you can transfer money through paypal. If they transfer to another paypal in another country linked with an account that was created with fake information they can withdrawal it. Paypal and the other bank need to track where the money goes CBA can't. Who would bother with all that trouble to track $600 through multiple organizations.

        Even if they try tracking the netbank access they would need to get the ISP/mobile provider to give out the info. If they used a cheap prepaid smart phone for access then they couldn't find who is using the phone anyway.

  • Baysew on 12/09/2015 - 09:52
    +10

    There was a certain amount of irony reading this on the same day CBA was having another outage on its systems.

    (http://www.theage.com.au/business/banking-and-finance/commba…)

    Why not try Citibank. Would any hacker have the patience to navigate their internet banking ?

    • ilikeradiohead on 14/09/2015 - 12:08

      Ugh, I remember when they made you click each key on a virtual keyboard (with your mouse) when you wanted to log in through the website. I just used the app because then I could use the native keyboard. Although I think making something a PITA will just deter genuine customers rather than nefarious types.

  • divergent on 12/09/2015 - 10:11
    +4

    I was a victim of fraud once, where someone in America used my credit card number for an $800 transaction. It was the bank (NAB) who told me about it, the same day, and after they'd discovered and rectified it. They simply cancelled the card and reissued a new one. I considered that great service, since I didn't need to do anything to be protected. If you're looking for another bank, I recommend NAB.

    • onetwothreefour on 13/09/2015 - 08:25
      +2

      ANZ did the same for me, refunded the money shortly after too.

      • Click_It on 14/09/2015 - 10:48

        I had an experience years ago where someone stole about $800. ANZ at the time immediately replaced it and said they'd actively persue the criminal on my behalf, saying I shouldn't be out of pocket needlessly.

        Was an awesome experience and is why I'm still with ANZ today.

        • [Deactivated] on 17/09/2015 - 08:27
          +1

          that falcon is pretty quick

        • Click_It on 17/09/2015 - 08:57
          +1

          @DIVISIONX:

          Funnily enough I think that's word for word what I said at the time :)

          Months later a friend had their money stolen overseas, with ANZ and had the same experience. They seem the best of the 4 evils in that regard.

    • CheapCoffee on 13/09/2015 - 10:31
      +7

      Credit card fraud is easier to track than online banking fraud though. And I believe it is much easier to reverse the transaction.

    • ItsMeAgro on 14/09/2015 - 11:50

      This gives me a great idea for how to increase customer loyalty!

      The banks could just call you once in a while and spin some tale like "Some hackers scanned your paypass in your pocket" (or something) "But don't worry, we already caught them and refunded your money cause we're awesome!".

      Studies show you're actually more loyal to companies that fixed their screwups than those that made none in the first place.

    • ilikeradiohead on 14/09/2015 - 12:18

      Something sort of similar happened to me recently. Someone tried to purchase 2x plane tickets from Perth to LAX on a Canadian website. ANZ rejected the purchase and froze the accounts. The only difference is that the person who was trying to purchase the flights was me. I also didn't realise the account had been frozen, and looked like a twat when I was at the pub the next day trying to use multiple ANZ credit cards to purchase a pint haha.

      ANZ only told me that they did this after about 30 mins, so in that time I had no idea what was going on, used my AMEX platinum edge to purchase the flights instead. AMEX also told me that someone was trying to use my card for a suspicious transaction, but it was immediately afterwards, so I rang them and got them to unlock the card to purchase the tickets.

      I guess I'd rather be put out slightly than be robbed, but since the banks refund your money anyway they are not creating a great incentive for me to be careful.

  • DARK KHAOS on 12/09/2015 - 10:48
    +1

    Just get yourself a security token and sleep sound at night. $20 if you go with suncorp.
    Might pay to have all your devices checked for malware while you are at it.

  • srhardy on 12/09/2015 - 17:03

    1) Use a password manager, like 1passpwrd, roboform
    2) Use a VPN, your own not a free one on your mobile, network and laptop
    3) use OSX and not windows, sorry 99% of all shite happens on windows, then 1% OSX and almost none on LINUX

    a work around is to create a free virtual machine of linux on either windows/mac and use that for banking with 1 & 2
    Use virtualbox and pick a linux distro like ubuntu

    Change your life, get secure, its your money after all

    • Geekomatic on 13/09/2015 - 00:45
      +1

      Here's a really quick & easy way to have Linux Mint on a bootable USB drive:

      http://www.ubuntu.com/download/desktop/create-a-usb-stick-on…

      Once you have that, you can boot to Mint, do your banking & save a copy of the bank receipt, etc, to the Mint desktop. Then, copy it to the "actual C drive" desktop to save it for when you're done & back into Windows (should you be one of the unfortunate running Windows- ;)

      Cheers

  • Geekomatic on 13/09/2015 - 00:41
    +2

    One easy way to bypass keystroke loggers is to use the on-screen keyboard. A lot harder to track, as mouse-clicks don't registers as "keys".

    FYI

    • ilikeradiohead on 14/09/2015 - 12:10
      +1

      Yeah Citibank used to do that, but it was such a PITA that I avoided the website at all costs. They don't do it anymore as far as I'm aware.

      • Geekomatic on 15/09/2015 - 00:15

        PITA=more secure

        Convenient=not so secure

        Take your pick, I suppose?

        I heard the same gripe about the tokens which some banks use to verify online activity. I'm happy to go through that extra layer- knowing I am the ONLY one who has that final piece of the log-in puzzle.

        ;)

        • eug on 15/09/2015 - 00:20

          I heard the same gripe about the tokens which some banks use to verify online activity. I'm happy to go through that extra layer- knowing I am the ONLY one who has that final piece of the log-in puzzle.

          I find a keyfob inconvenient as I have to make sure I always carry it back and forth every day to work and back. I much prefer SMS - it's a little less secure, but secure enough for my low-profile use I think!

  • samdong on 13/09/2015 - 02:23
    +2

    It happened to me as well…Even I had netcode sms on….my money more than 4000 transfered to Russian appearing Name.I had international transfer limit was increased from 0 to 5000 by hacker without receiving any netcode sms. I reported it after 5 to 6 hours…couple of phone from security team or fraud detedction team.. got my money back within two weeks…..

  • nikhi24 on 13/09/2015 - 07:47

    We have joint accounts. 1 active, 1 with a bit of savings to transfer around and 1 real savings where we have to go into branch and sign for it to get any money out. I prefer it that way :)

  • Ahir87 on 13/09/2015 - 09:01
    +5

    Had the same issue last month, got 10 cents deposited into my joint account from paypal, then next day $3000 from my saving ac was transferred to joint ac and was debited to paypal, called the bank immidiatley they asked me to change the password and call paypal to register the fraud. As the transfer was still pending, bank stopped it and i got the money back straight away.

    • kingmw on 13/09/2015 - 14:29

      Was it CBA?

      • Ahir87 on 14/09/2015 - 10:03
        +1

        YES

  • Diji1 on 13/09/2015 - 11:22
    +1

    Now we are looking for a new SAFE banking system with a competitor - any suggestions?

    OK the first thing to realise is that DOES NOT exist. Stop pretending and looking for a fantasy. 2FA (digicode, netcode) is great but it has been successfully bypassed before so while you are right to use it doesn't make you unattackable.

    If you want to make your banking as safe as possible i would recommend buying or setting up a secure Linux on a read-only USB key that is ONLY used for internet banking and nothing else. The process for ALL of your internet banking is to reboot a computer with the USB key, do your banking and switch the computer off. This was you have almost no chance of OS compromise because it is loading a "just installed" OS every time.

    If you are technically "clueless" this is one that's setup for the specific purpose of safe, convenient internet banking: http://krebsonsecurity.com/2014/07/wireless-live-cd-alternat… which I can recommend.

    The virtual machine idea that's suggested is more secure in some situations (so not a bad idea I'm saying) however there is still the scenario of an infected OS being able to monitor keystrokes or even manipulate the VM itself from the host OS.

    • rolypoly on 13/09/2015 - 16:25

      I don't know a massive amounts anything about computer security so this may be a dumb question but wouldn't a live linux version just slowly get out of date because it does not get any updates?

      • Diji1 on 13/09/2015 - 21:00

        Sure until you update it.

        Which isn't the point really: the security lies in the fact that the OS is always clean and never does anything else other than communicate with your banks website. Unless your bank's website has been compromised somehow there is nowhere to attack.

    • eug on 14/09/2015 - 10:54

      Sandboxie is a simple alternative that can work for people with more basic requirements. It sandboxes your browser or any other apps so everything you do (including getting infected) will be contained within a sandbox. You can then just empty the sandbox after every session. Or you can empty the sandbox before logging in to your bank to start with a clean slate.

  • TurkishDelight on 13/09/2015 - 12:01
    +1

    ahaha if they hack into mine, they would end up helping me to pay my loan back and $10 for my daily lunch. lol

  • DarkOz on 13/09/2015 - 17:18
    +4

    Stop visiting free porn sites. That's where you picked up the keylogger.

    • Shwayne on 14/09/2015 - 14:58

      Unlikely, as these attacks are usually targeted. (Hence why it works on CBA of all banks.)

Login or Join to leave a comment
Login Join